In this episode of our Resilience series, “How to respond to an ICT-related incident,” Denise Murray, Head of Financial Services Compliance and Regulatory Relations, is joined by Ian Duffy, Partner in our Technology and Innovation Group. They share practical insights on identifying and managing ICT incidents, from phishing attacks and supply chain compromises to large-scale cyber breaches. The discussion covers activating response plans, engaging stakeholders, and meeting relevant regulatory obligations including under DORA and GDPR. They also highlight why documenting decisions during fast-moving disruptions and conducting lessons-learned reviews are essential for an effective and compliant response to incidents. For more insights and to access our resilience playbook, visit arthurcox.com/resilience.

In this episode of our Resilience series, “Mapping interconnections and interdependencies,” Denise Murray, Head of Financial Services Compliance and Regulatory Relations, and Ciaran Flynn, Head of Governance and Consulting Services, discuss how firms can strengthen resilience by mapping the critical connections between people, processes, technology, and third‑party providers. They explain how combining a top‑down view of licensed activities with a bottom‑up perspective from business continuity planning enables organisations to identify vulnerabilities and build a more robust resilience framework.

Siobhán McBean, Partner in our Asset Management and Investment Funds Group and Ciaran Flynn, Head of Governance and Consulting Services, discuss the latest changes in operational and digital resilience, focusing on recent updates from the Central Bank of Ireland. These updates bring local regulatory guidance into closer alignment with the EU’s Digital Operational Resilience Act (DORA), encouraging firms to adopt DORA’s standards as best practice. They explain why organisations now need to maintain separate but aligned frameworks for operational risk and operational resilience, and stress the importance of addressing both internal and external critical business functions to ensure robust protection against disruption.